NuGetAuditSuppress
NuGetAuditSuppress is an MSBuild item introduced to provide granular control over security warnings (NU1901–NU1904). While previous versions of the .NET SDK required broad workarounds like NoWarn or disabling auditing entirely, NuGetAuditSuppress allows you to target and silence specific advisories based on their unique .

Key Version Requirements
| Property | Default | Effect |
|----------|---------|--------|
| NuGetAudit | true | Enable/disable the audit feature |
| NuGetAuditLevel | low | Minimum severity to report (low, moderate, high, critical) |
| NuGetAuditSuppress | false | Suppress all audit warnings |
(per package):
The syntax is specific. You need to specify the package ID and the specific Advisory ID (the CVE or GitHub Advisory identifier).
Implementing suppression is straightforward. You add a NuGetAuditSuppress item to your project file (.csproj) or a shared properties file like Directory.Build.props.

Example Syntax
Since .NET 8, the NuGet client automatically queries the during restore. If a package with a known, unpatched vulnerability (CVE) is referenced, the build produces warnings like:
NuGetAuditSuppress is an MSBuild item used to exclude specific security advisories from the report. While global settings like NuGetAudit set to false can disable auditing entirely, NuGetAuditSuppress is designed for "surgical" exclusion. It ensures you are only notified of new or unvetted vulnerabilities while silencing known ones that you have already analyzed.
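A review check for the distinction drawn above, added here as an example and not taken from the original page or from NuGet: it scans project XML for blanket overrides (NuGetAudit set to false, NoWarn listing NU1901 to NU1904) and lists each NuGetAuditSuppress entry separately. Both project files are constructed samples, the advisory URL is a placeholder, `review_suppressions` is a hypothetical helper name, and the Include value is assumed to be an advisory URL.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the broad workarounds the page contrasts against.
BROAD = """<Project>
  <PropertyGroup>
    <NuGetAudit>false</NuGetAudit>
    <NoWarn>$(NoWarn);NU1903;CS1591</NoWarn>
  </PropertyGroup>
</Project>"""

# Constructed sample: one targeted suppression; the advisory URL is a placeholder.
TARGETED = """<Project>
  <ItemGroup>
    <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-xxxx-xxxx-xxxx" />
  </ItemGroup>
</Project>"""

AUDIT_CODE = re.compile(r"^NU190[1-4]$")

def local(tag):
    """Strip an XML namespace so old-style project files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def review_suppressions(project_xml):
    """Return (broad, targeted): blanket audit overrides and per-advisory suppressions."""
    broad, targeted = [], []
    for el in ET.fromstring(project_xml).iter():
        name, text = local(el.tag), (el.text or "").strip()
        if name == "NuGetAudit" and text.lower() == "false":
            broad.append("NuGetAudit=false disables auditing entirely")
        elif name == "NoWarn":
            # Only the audit warning codes matter here; other codes are ignored.
            codes = [c.strip() for c in re.split(r"[;,]", text)]
            broad += [f"NoWarn hides every {c} warning" for c in codes if AUDIT_CODE.match(c)]
        elif name == "NuGetAuditSuppress":
            # An item may list several advisories separated by semicolons.
            targeted += [a.strip() for a in el.get("Include", "").split(";") if a.strip()]
    return broad, targeted

if __name__ == "__main__":
    for label, xml in (("broad", BROAD), ("targeted", TARGETED)):
        print(label, review_suppressions(xml))
```

Run against Directory.Build.props and each .csproj in code review, the first list is what should block a merge and the second is the set of advisories someone is expected to have analyzed.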